CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-17555
https://notcve.org/view.php?id=CVE-2017-17555
12 Dec 2017 — The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file. La función swri_audio_convert en audioconvert.c en FFmpeg libswresample hasta 3.0.101, tal y como se emplea en FFmpeg 3.4.1, aubio 0.4.6 y otros productos, permite que atacantes remotos provoquen una denegación de servicio (desreferenc... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00012.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-17081 – Debian Security Advisory 4099-1
https://notcve.org/view.php?id=CVE-2017-17081
30 Nov 2017 — The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 2.3 and 3.4 does not properly validate widths and heights, which allows remote attackers to cause a denial of service (integer signedness error and out-of-array read) via a crafted MPEG file. La función gmc_mmx en libavcodec/x86/mpegvideodsp.c en FFmpeg versión 2.3 y 3.4 no valida correctamente los anchos y altos. Esto permite que atacantes remotos provoquen una denegación de servicio (error en la propiedad signedness de un número entero y lect... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3516#c1 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-16840
https://notcve.org/view.php?id=CVE-2017-16840
21 Nov 2017 — The VC-2 Video Compression encoder in FFmpeg 3.0 and 3.4 allows remote attackers to cause a denial of service (out-of-bounds read) because of incorrect buffer padding for non-Haar wavelets, related to libavcodec/vc2enc.c and libavcodec/vc2enc_dwt.c. El codificador VC-2 Video Compression en FFmpeg versión 3.0 y 3.4 permite que los atacantes remotos provoquen una denegación de servicio (lectura fuera de límites) debido a un relleno incorrecto del búfer para wavelets que no son de Haar. Esto está relacionado c... • http://git.videolan.org/?p=ffmpeg.git%3Ba=commit%3Bh=a94cb36ab2ad99d3a1331c9f91831ef593d94f74 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0CVE-2017-15672
https://notcve.org/view.php?id=CVE-2017-15672
06 Nov 2017 — The read_header function in libavcodec/ffv1dec.c in FFmpeg 2.4 and 3.3.4 and possibly earlier allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. La función read_header en libavcodec/ffv1dec.c en FFmpeg versión 2.4 y 3.3.4 y anteriores permite que atacantes remotos provoquen un impacto sin especificar mediante un archivo MP4 manipulado que desencadena una lectura fuera de límites • http://git.videolan.org/?p=ffmpeg.git%3Ba=commitdiff%3Bh=c20f4fcb74da2d0432c7b54499bb98f48236b904 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15186
https://notcve.org/view.php?id=CVE-2017-15186
24 Oct 2017 — Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote attackers to cause a denial of service via a crafted AVI file. Una vulnerabilidad de liberación doble (double free) en FFmpeg 3.3.4 y anteriores permite que atacantes remotos provoquen una denegación de servicio mediante un archivo AVI manipulado. • http://www.openwall.com/lists/oss-security/2017/10/20/4 • CWE-415: Double Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14767
https://notcve.org/view.php?id=CVE-2017-14767
27 Sep 2017 — The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in FFmpeg before 3.3.4 mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. La función sdp_parse_fmtp_config_h264 en libavformat/rtpdec_h264.c en FFmpeg en versiones anteriores a la 3.3.4 gestiona incorrectamente los valores sprop-paremeter-sets vacíos, lo que permite que los atacantes causen una dene... • http://www.debian.org/security/2017/dsa-3996 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14225
https://notcve.org/view.php?id=CVE-2017-14225
09 Sep 2017 — The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg 3.3.3 may return a NULL pointer depending on a value contained in a file, but callers do not anticipate this, as demonstrated by the avcodec_string function in libavcodec/utils.c, leading to a NULL pointer dereference. (It is also conceivable that there is security relevance for a NULL pointer dereference in av_color_primaries_name calls within the ffprobe command-line program.) La función av_color_primaries_name en libavutil/pixdesc.c en... • http://www.debian.org/security/2017/dsa-3996 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2017-14223
https://notcve.org/view.php?id=CVE-2017-14223
09 Sep 2017 — In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in asf_build_simple_index() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted ASF file, which claims a large "ict" field in the header but does not contain sufficient backing data, is provided, the for loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. En libavformat/asfdec_f.c en FFmpeg 3.3.3, una denegación de servicio en asf_build_simple_index() debido a una falta de compr... • http://www.debian.org/security/2017/dsa-3996 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14222
https://notcve.org/view.php?id=CVE-2017-14222
09 Sep 2017 — In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. When a crafted MOV file, which claims a large "item_count" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU and memory resources, since there is no EOF check inside the loop. En libavformat/mov.c en FFmpeg 3.3.3, una denegación de servicio en read_tfra() debido a una falta de comprobación EOE (End of Fi... • http://www.debian.org/security/2017/dsa-3996 • CWE-834: Excessive Iteration •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14171
https://notcve.org/view.php?id=CVE-2017-14171
07 Sep 2017 — In libavformat/nsvdec.c in FFmpeg 2.4 and 3.3.3, a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted NSV file, which claims a large "table_entries_used" field in the header but does not contain sufficient backing data, is provided, the loop over 'table_entries_used' would consume huge CPU resources, since there is no EOF check inside the loop. En libavformat/nsvdec.c en FFmpeg versión 2.4 y 3.3.3, una denegación de servicio en nsv_parse... • http://www.debian.org/security/2017/dsa-3996 • CWE-834: Excessive Iteration •